
Peer Client Verification



Just an idea I had yesterday. Don't even know if it would be worth the time, but here it is.

I would like to see some sort of system to verify that the peers connected are actually using the client they are reporting. I realize that we could not force other clients to do the same and thus probably couldn't be sure of their users, but seeing as the large majority of users do use the BitTorrent/uTorrent client, I believe it would see a good acceptance.

As for functionality, I would propose some sort of checksum verification on the client version (possibly on the whole executable to make sure no modifications have been done).

One way would be to add an extra part to the connection handshake should a recognized uTorrent version be detected (newer than 2.03, say). Older peers would not be able to use this, but they will be obsolete within a couple of months anyway.

Another thought I had would be for the client, at the start-up of uTorrent, to quickly connect to the uTorrent server (or another setup to do this), transmit its checksum, version number, current IP and some sort of time stamp requiring updating, and receive a response back with a second checksum (obtained through some algorithm with the previous). That value could then be sent during the handshake to the other client for verification (that way each client would be given a unique value every time).

After this is implemented, I would propose a sort of green icon signifying an approved uTorrent client. Older clients would be exempt from this, but people would be aware that there may be security risks associated with connecting to a non-supported, possibly modified client. Faked clients or ones with improper checksums would be given a red logo or, by a new option in the preferences, have the connection dropped before the handshake is completed (that option wouldn't necessarily be required, just another suggestion).

The reason for this is that there have now been people, whether for personal gain (by cheating the protocol) or data logging purposes (breaching of privacy) that have been using modified clients or ones of their own design but still use the uTorrent name to appear legit. I don't believe this is good for the community or the technology as a whole. This would help migrate all users to the new versions and remove any existing problems associated with the old ones. Should other clients wish to use this system as well, it wouldn't be hard to do so; all that would be required is a master list (updated every time a new version is released) of versions and their associated checksums for every client participating, and an algorithm to determine the value to return as well as a way to decode it.

If there are any questions feel free to ask, and I will try to answer to the best of my ability/imagination.


Any means of verifying the client can also be faked.

The check will make the handshake more complex and take slightly longer as well.

"data logging purposes (breaching of privacy) that have been using modified clients"

...Can be done without modifying the program.


Many of those faked peers also send faked data as well; removing them from the connections would save download bandwidth and clean up the swarms.

Yes, it would be possible to be faked, but it would be much harder should they not know how it works. Also, the majority of the privacy threatening (anti-p2p groups) would be unable to do so due to current laws about backwards engineering. Since uTorrent isn't open source, it would be illegal for them to attempt to change such a feature.



This topic is now archived and is closed to further replies.
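
To make the scheme in the first post and the objection in the first reply concrete, here is an added sketch (not from the thread and not uTorrent code) of a server-issued token over checksum, version, IP and timestamp. The HMAC construction, key, version string, addresses and five-minute lifetime are all assumptions; the sketch shows that such a token binds the reported checksum to an address and a time, not to the binary that is actually running.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # assumption: secret known only to the issuing server
GENUINE = b"genuine client build"      # constructed stand-in for a released executable
VERSION = "demo-1.0"                   # constructed version string
MASTER_LIST = {VERSION: hashlib.sha256(GENUINE).hexdigest()}  # version -> published checksum
MAX_AGE = 300                          # assumed token lifetime in seconds


def _mac(version, checksum, ip, ts):
    msg = f"{version}|{checksum}|{ip}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(version, checksum, ip, ts):
    # Server: issue a token only when the reported checksum matches the master list.
    if MASTER_LIST.get(version) != checksum:
        return None
    return _mac(version, checksum, ip, ts)


def verify_token(token, version, ip, ts, now):
    # Verifier (sharing the server key here for brevity): check binding and freshness.
    if token is None or version not in MASTER_LIST or now - ts > MAX_AGE:
        return False
    return hmac.compare_digest(token, _mac(version, MASTER_LIST[version], ip, ts))


def demo():
    modified = GENUINE + b" (patched)"
    a, b, ts = "198.51.100.7", "203.0.113.9", 1_000
    # Unmodified client hashes the executable it is running.
    honest = issue_token(VERSION, hashlib.sha256(GENUINE).hexdigest(), a, ts)
    # Modified client that reports its real hash is refused.
    truthful = issue_token(VERSION, hashlib.sha256(modified).hexdigest(), b, ts)
    # The checksum is self-reported: sending the published value is indistinguishable.
    claimed = issue_token(VERSION, MASTER_LIST[VERSION], b, ts)
    return {
        "honest_accepted": verify_token(honest, VERSION, a, ts, ts + 10),
        "modified_truthful_rejected": truthful is None,
        "modified_claiming_accepted": verify_token(claimed, VERSION, b, ts, ts + 10),
        "other_ip_rejected": not verify_token(honest, VERSION, b, ts, ts + 10),
        "stale_rejected": not verify_token(honest, VERSION, a, ts, ts + 900),
    }


if __name__ == "__main__":
    print(demo())
```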